[Dev] Windows Kernel - FILE

ZwCreateFile

HANDLE file_handle = NULL;

NTSTATUS status;
OBJECT_ATTRIBUTES object_attributes;
UNICODE_STRING ufile_name = RTL_CONSTANT_STRING(L"\\??\\C:\\a.out");
InitializeObjectAttributes(
    &object_attributes,
    &ufile_name,
    OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE;
    NULL,
    NULL
);

status = ZwCreateFile(
    &file_handle,
    GENERIC_READ | GENERIC_WRITE,
    &object_attributes,
    &io_status,
    NULL,
    FILE_ATTRIBUTE_NORMAL,
    FILE_SHARE_READ,
    FILE_OPEN_IF,
    FILE_NON_DIRECTORY_FILE | FILE_RANDOM_ACCESS | FILE_SYNCHRONOUS_IO_NONALERT,
    NULL,
    0);

ZwClose(file_handle);

References

ZwCreateFile
ZwReadFile
ZwWriteFile
ZwClose

nixawk / Awesome-Windows-Debug

[Dev] Windows Kernel - FILE #16

ZwCreateFile

References